October 2025 Patch Tuesday: Fixes for 175 Vulnerabilities and More

Edward Zhou

CEO & Co-Founder

 
October 15, 2025

TL;DR

  • Microsoft's October 2025 Patch Tuesday addresses a record 175 vulnerabilities, including six zero-days, three of which are actively exploited. The update also marks the official end of support for Windows 10, so users need to migrate or enroll in the Extended Security Updates (ESU) program to keep receiving security updates.

Microsoft's October 2025 Patch Tuesday

Microsoft has released its October 2025 security update, addressing a significant number of vulnerabilities across its product range. The update includes fixes for 175 vulnerabilities, making it the largest release of the year. Several of these are critical, and the release includes actively exploited zero-day vulnerabilities. The Cybersecurity and Infrastructure Security Agency (CISA) has added these zero-days to its Known Exploited Vulnerabilities (KEV) catalog, requiring federal agencies to apply the patches promptly.

Zero-Day Vulnerabilities

The October 2025 Patch Tuesday addresses six zero-day vulnerabilities, with three being actively exploited in the wild.

  • CVE-2025-24990: Windows Agere Modem Driver Elevation of Privilege Vulnerability. Successful exploitation allows attackers to gain administrator privileges. The vulnerable driver, ltmdm64.sys, ships with every version of Windows. Microsoft is removing the driver entirely, which means that any fax modem hardware that relies on the driver will no longer work on Windows.
  • CVE-2025-59230: Windows Remote Access Connection Manager (RasMan) Elevation of Privilege Vulnerability. This vulnerability involves improper access control and can be exploited by an authorized attacker to gain SYSTEM privileges.
  • CVE-2025-47827: IGEL OS Secure Boot Bypass. This vulnerability abuses overly lax cryptographic verification of the root filesystem, allowing bypass of Secure Boot.

Agere Modem Driver Vulnerabilities (CVE-2025-24990 and CVE-2025-24052)


CVE-2025-24052 and CVE-2025-24990 are Elevation of Privilege (EoP) vulnerabilities in the third-party Agere Modem driver. Both CVEs have a CVSSv3 score of 7.8. Microsoft reports that CVE-2025-24990 has been exploited in the wild. Successful exploitation would allow an attacker to gain administrator privileges on an affected system. The ltmdm64.sys driver has historically shipped natively with supported Windows operating systems but will no longer be supported following the October update. Microsoft notes that ltmdm64.sys-dependent hardware will no longer work on Windows and recommends users remove existing dependencies.
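
A read-only inventory check for the dependency cleanup recommended above, added here as an example (it is not from Microsoft or the original article). It assumes the default driver directories under %SystemRoot% and uses the standard Win32_SystemDriver and Win32_PnPEntity CIM classes to list any copy of ltmdm64.sys, any driver service pointing at it, and any device still bound to that service.

```powershell
# Added example: audit one host for the Agere modem driver and devices bound to it.
# Run in an elevated Windows PowerShell session. Read-only; it changes nothing.
$driverFile = 'ltmdm64.sys'   # driver name taken from the advisory text

# Standard Windows driver locations (assumption: default layout under %SystemRoot%).
$searchRoots = @(
    (Join-Path $env:SystemRoot 'System32\drivers'),
    (Join-Path $env:SystemRoot 'System32\DriverStore\FileRepository')
)

# 1. Copies of the binary still on disk (expected to disappear once the
#    October update has removed the driver).
$copies = @(Get-ChildItem -Path $searchRoots -Filter $driverFile -Recurse -File `
    -ErrorAction SilentlyContinue)

# 2. Kernel driver services whose image path points at the binary.
$services = @(Get-CimInstance -ClassName Win32_SystemDriver |
    Where-Object { $_.PathName -like "*\$driverFile" })

# 3. Plug and Play devices serviced by one of those drivers. These are the
#    fax/modem devices that stop working when the driver is removed.
$serviceNames = $services.Name
$devices = @(Get-CimInstance -ClassName Win32_PnPEntity |
    Where-Object { $_.Service -and ($serviceNames -contains $_.Service) })

# One summary object per host, suitable for collecting across a fleet.
[pscustomobject]@{
    ComputerName   = $env:COMPUTERNAME
    FilesOnDisk    = @($copies | ForEach-Object {
        '{0} ({1})' -f $_.FullName, $_.VersionInfo.FileVersion })
    DriverServices = @($services | ForEach-Object {
        '{0} [{1}, start={2}]' -f $_.Name, $_.State, $_.StartMode })
    BoundDevices   = @($devices | ForEach-Object {
        '{0} [{1}]' -f $_.Name, $_.PNPDeviceID })
    NeedsReview    = ($devices.Count -gt 0)
} | Format-List
```

A host reporting `NeedsReview : True` has hardware that depends on the driver and should be planned for replacement before or alongside the update.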

Windows Remote Access Connection Manager Vulnerability (CVE-2025-59230)

CVE-2025-59230 is an EoP vulnerability affecting Windows Remote Access Connection Manager. According to Microsoft, this vulnerability has been exploited in the wild. It has a CVSSv3 score of 7.8. Exploitation of this vulnerability involves improper access control in Windows Remote Access Connection Manager and could allow a local attacker to gain SYSTEM privileges. There have been 22 reported and patched vulnerabilities for the Windows Remote Access Connection Manager service (RasMan) since January 2022. CVE-2025-59230 is the first reported RasMan CVE to be exploited as a zero-day.

Windows Server Update Services (WSUS) RCE Vulnerability (CVE-2025-59287)

CVE-2025-59287 is a Remote Code Execution (RCE) vulnerability in Windows Server Update Services (WSUS). It has a CVSSv3 score of 9.8. An attacker could exploit this vulnerability to gain RCE by sending a crafted event that leads to deserialization of untrusted data.

Microsoft Office RCE Vulnerabilities (CVE-2025-59227, CVE-2025-59234)

CVE-2025-59227 and CVE-2025-59234 are RCE vulnerabilities in Microsoft Office. Both vulnerabilities have a CVSSv3 score of 7.8. An attacker could exploit these flaws through social engineering by sending a malicious Microsoft Office document to an intended target. Successful exploitation would give the attacker code execution. Microsoft notes that the Preview Pane is an attack vector for both CVEs, which means exploitation does not require the target to open the file.

Windows Cloud Files Mini Filter Driver EoP Vulnerability (CVE-2025-55680)

CVE-2025-55680 is an EoP vulnerability in the Windows Cloud Files Mini Filter Driver. It has a CVSSv3 score of 7.8. A local, authenticated attacker would need to win a race condition in order to exploit this vulnerability. Successful exploitation would allow the attacker to elevate to SYSTEM privileges.

Additional Vulnerabilities

Windows 10 End of Support

As of October 14, Windows 10 has reached its end of support. This means that Windows 10 devices will receive no new security updates unless they are enrolled in the Extended Security Updates (ESU) program. Long-Term Servicing Branch (LTSB) support for Windows 10 Enterprise 2015 LTSB and Windows 10 IoT Enterprise LTSB 2015 has also ended.

Extended Security Updates (ESU) Program


The Consumer Extended Security Update (ESU) program will give up to a year of additional security updates (though not feature updates or official troubleshooting support), ending on October 13, 2026, no matter when you enroll. To take advantage of the ESU scheme, you'll need a Windows 10 system running version 22H2 in the Home, Professional, Pro Education, or Workstations edition. Commercial Windows 10 installations are subject to a different ESU program.

There are three ways to join the ESU program:

Additional Microsoft Products End of Support

Several Microsoft products have reached end of support:

Edward Zhou
CEO & Co-Founder of Gopher Security, leading the development of Post-Quantum cybersecurity technologies and solutions.
